February 26, 2020
What is the cost of a mistake?
Business ruin? Money loss? Or maybe reputational damages?
All of the above can occur because of mistakes we make, while still living in fear of losing everything.
When it comes to crucial errors, such things as business, money, and reputation are the most vulnerable elements security-wise. The end goal is to protect our confidentiality, privacy, and finances. In other words, to protect our confidential data. But the means we use to protect it sometimes could be even more vulnerable than the data itself: if there is no defense, there is no way to protect your data.
However, have you ever thought about security mistakes you could have made but weren’t able to recognize? Well, if not, now is the time.
Find out the 7 most common security mistakes you didn’t know you were making, and undertake measures to eliminate them today.
According to the Verizon report, the breach timeline “from the first action in an event chain to the initial compromise of an asset is most often measured in seconds or minutes. The discovery time is likely to be weeks or months.”
You may have heard of the resignation at the U.S. Office of Personnel Management. As a result of an identity theft attack, a considerable amount of personal information was exposed, including Social Security numbers, names, dates, and addresses of almost 21.5 million people.
It took nearly a year to discover the breach.
So keep in mind — to save your business, you have to act fast.
Not updating your computer software is a major mistake. Nevertheless, people keep ignoring notifications and delay updating endlessly.
Being slow on updating security information is the same as leaving a door open, welcoming a hacker to come in. You have to keep computer software updated — not just the versions of programs themselves, but also the databases. Keeping the databases up-to-date helps you to protect yourself against the latest internet threats.
Make updating a rule so you can appraise the outcomes correctly.
Preventing a disease is always better than fighting against the outcomes of it afterwards.
Underestimating cyber-attacks is another popular mistake in security.
Email scams led to $2.3 billion in losses from October 2013 through February 2016, and a 270% increase in victims. Note that these are only the attacks that have been confirmed. The precise number of undisclosed breaches is even harder to tell.
As PhishMe research shows, 91% of all worldwide cyber-attacks start with a spear phishing email. At the same time, among social attacks, pretexting represents 98%.
The Symantec Internet Security Threat Report (ISTR) revealed that “in 2016 one out of every 131 emails contained malware, and 61 percent of organizations were hit by a ransomware attack.”
Now, as for 2020 predictions, according to the PwC report, a new trend is visible: top managers universally remove their accounts from social networks. They do so in order to stave off possible use of personal information, which cyber-attackers could use against them in a potential email scam.
Additionally, PwC analysts found that “cyberattacks have become the most feared threat for large organizations.”
But even such preliminary measures on the CEOs' side are often not enough, as the data is already out there.
For that, you need to instill and follow stringent cyber hygiene rules and develop certain habits of email security.
No doubt, for most people, checking emails is the same habit as brushing teeth: the health of your teeth depends on how often you brush them. If you do not do it frequently enough, you’ll inevitably get a cavity.
After social networks and instant messengers, email is the most common way to communicate over the Internet. However, along with its popularity, email became one of the most vulnerable communication methods. The “tooth decay” of email is cyber-attacks. Indeed, a considerable part of them target email.
The DMR report shows that the average office worker receives 121 emails per day.
When you get so many emails, it is easy not to notice another phishing email, for example. And that is what the cyber fraudsters rely on: they wait for you to make a fatal mistake. You can receive an unsolicited email that seems suspicious, but you won’t be able to distinguish it from a regular one. Besides, you can’t discard the fact that many incoming emails contain links and attachments. Clicking on any of them is also a risk.
Overlooking multiple spelling or grammar mistakes in the sender’s name is another common oversight. If you don’t recognize the sender, assume it is spam and delete the message immediately. If you are not sure about the authenticity of the email, simply do not respond to it.
In order to be good at identifying email threats, we should do one simple thing — practice.
Statistics about human error speak for themselves.
That’s why you have to do something about it. And training is the best way.
Phishing and social engineering techniques pose a substantial security threat to enterprises. But they can easily be recognized if you know exactly what you’re looking for.
BYOD (Bring Your Own Device) is another widespread practice and simultaneously a big threat to security. When employees use their devices (smartphones, tablets, laptops, or USB drives), they may use unauthorized applications, which leave room for shadow IT.
Training and educating your employees are the first steps you need to take on your way to comprehensive email security. Ongoing education helps to reshape old bad habits into new, good ones.
Opening and downloading email attachments from unknown email addresses is another serious security issue.
"Most people who are going to click a phishing email do so in just over an hour," according to the 2018 Verizon Data Breach Investigations Report.
Attachments may contain malware (trojans, worms, viruses). They can completely disable your device, delete files from your hard drive, or compromise your personal data. More often than not, such a threat arrives as a PDF or DOC file.
The situation gets worse when employees start forwarding attachments with embedded malware to other colleagues. In that particular case, stopping a virus from spreading all over the network is almost impossible: this time recipients will click the attachment 99% of the time, because the email came not from an unknown person, but from someone they are familiar with.
The first thing you should do to avoid this common mistake is to notify your system administrator. Even if you haven’t opened the attachment, other employees of your organization could have. Don’t forget: they could be targets too.
As you very well know, most attacks are aimed at stealing your credentials. This leads us to another popular email security mistake.
Password security is one of the primary objectives in the whole email security system of your organization. The main misconception here is the confidence that your password is complex enough.
Rarely changing passwords is a security weakness. Malicious hackers know this, and the brute-force attack is one of their “strengths”: they use this technique to compromise your password.
Besides, you don’t know for sure what can happen the next moment. Anyone could simply gain access to files with confidential information or to the devices where you store them.
Therefore, be sure to follow these next rules.
With the fast growth of daily cyber-attacks, a password policy and the search for secure communication channels are necessary measures to keep your emails secure.
Instead of fearing the loss of your business, sensitive data, reputation, and considerable money and time, protect your emails with the secure communication channel that StealthMail provides.
StealthMail is a software solution that protects your personal data and ensures security and privacy of your email business correspondence. To learn more about StealthMail, download the datasheet at https://stealthmail.com/info.